Google’s solution against hijacked Chrome settings is not sufficient

Google Chrome has fewer issues with automated third-party extension installations than Firefox for the simple reason that the browser does not support custom toolbars.

It is still possible that extensions get installed automatically, for instance after installing a security suite on your computer that adds extensions to web browsers for improved functionality.

Things that can happen as well are that programs hijack Chrome browser settings, for instance by changing the browser's home page.

Malicious programs come in disguise more often than not, for instance as a security update that is none, a video plugin that promises better video quality or less buffering, or a free screensaver that looks really cool.

One of the reactions of Google to those attack forms was to add a reset browser settings button to Google Chrome. You find it by opening chrome://settings/ in the browser, clicking on Show advanced settings, and scrolling all the way down to the bottom.

A reset will change important browser settings to their default values, including the homepage, new tab page and search page. It will also disable all extensions, unpin all tabs, and clear data.

It is obvious that this is often not the best option when a third-party program changed only the homepage, or the search provider.

A new feature has been integrated into recent versions of the Chrome browser that moves the reset option to the front of the browser.

Once Chrome notices that settings have been altered by a program -- and not by the user -- it displays a reset notification right there.

If you click reset, all browser settings mentioned above will be reset. So, it is the same feature, but more prominently placed so that users who do not know about the reset feature can use it as well.

This may look good on paper, but it is not sufficient enough if you ask me.

First, if something modifies the browser's homepage, why offer to reset other settings as well? Plus, why reset to the default homepage and not to custom homepages that users may have set in the browser?

Second, resetting the settings may work, or, if malware is still running on the user system, may not work as the malware may revert the settings again, making this an endless game of change and reset until the user starts to investigate the matter and removes the malware on the system.

My suggestion would be to add configuration options to the browser that locks settings in place. When enabled, nothing can change the setting unless disabled first. This would resolve many of the issues that browser users face in regards to modified browser settings.

What's your take on this? Is a reset the right choice to deal with the issue?

About Martin Brinkmann

Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand.
You can follow Martin on Facebook, Twitter or Google+

I just wish there was a way to reset or change the settings without having to open Chrome first. Something like Internet Explorer has in the Control Panel. Deleting the profile folder will do it, but I'd rather avoid that if someone's really customized their settings.

Just a couple of grammar notes:
- "Sufficient" and "enough" mean the same thing, so "sufficient enough" is redundant.
- "Google Chrome has less of issues" should be "Google Chrome has fewer issues". If you can count the item (here: issues) it's a number, requiring the use of "fewer"; if you can't (e.g., "oil"), then it's an amount, requiring the use of "less".

Topics

About Ghacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.